The use of passwords to control access to resources such as computers, databases, telecommunication equipment or access control systems is well known. Before being given access to a requested resource, the user inputs a valid password, normally known only to the user and recorded in a memory of the system, so that the system can verify that the input password is identical to the recorded password.
The password usually consists of a sequence of alphanumeric characters. Such passwords are difficult to remember, especially when the password is an arbitrary sequence of alphanumeric characters. To resolve this problem, the user frequently selects the same password for different equipment (access code for a portable computer, cell phone code, etc.). This multiplies the risks that a malicious third party can intercept the password. The password is also frequently selected from among sequences that are easy to remember (1234, ABCD, 0000, a date of birth or another sequence that would be easy to guess), which considerably reduces the security of such authentication methods.
One example of such a system is EP 1022922, which describes an authentication method comprising a registration step, during which the subscriber selects and records a password in the form of a sequence of characters, and authentication steps, during which the user inputs a password and transmits it to the server for comparison and validation.
Also known is WO 113243, which discloses a user identification method that enables identification of a user who is a subscriber to a service on a computer network. This method consists notably of requesting that the user submit a unique graphic to the service provider via the information page, the graphic comprising integrated data pertaining to a second password, and comparing a first submitted password with the extracted second password to determine whether the predefined relationship exists between the passwords. If the predefined relationship exists, the user is granted the status of identified subscribing user and is then provided with access to the service.
Methods based on alphanumeric passwords are also easy to break using robots that generate permutations of alphanumeric characters.
Another drawback of these solutions is that repeated input of the password wears the input keys, which makes the password easy to detect.
An authentication method was proposed in EP 0677801 based on the designation of graphic zones of a predetermined image in a predetermined order. That method comprises means for displaying a predetermined image, means for storing a predetermined number of positions in the predetermined image and means for enabling a user to designate positions in the displayed image.
That solution is not satisfactory either, because it uses a pointing device and involves manipulation of graphic objects, which requires adequate memory and entails noteworthy expense for transmitting the graphic objects when they are recorded on a server.
It would therefore be advantageous to resolve these drawbacks by providing a method for secure access to a resource, especially a computer-related or telecommunication resource, that reconciles a high degree of security with more convenient use.